And the consequences are hefty: “the total cost of a typical breach of 10,000 personal records held by an organization” is around $2 million (Computerworld) for a company.

With price tags running into the millions, it should be a no-brainer that executives involve themselves in their company’s cybersecurity strategy.  But in reality only a small percentage of company’s C-level executives actually take part in crafting and supporting a comprehensive cybersecurity strategy for their organization.

However, for those executives that do choose to participate in the cybersecurity discussion and commit to allocating resources to protecting themselves – there is a huge payoff.

According to Larry Clinton, president of the ISA, 80 – 90% of cybersecurity threats can be avoided through a “combination of best practices, standards and security technology.”

If there is resistance within your organization to taking the proper precautions to securing the company’s cyber infrastructure, considering sharing the report with your CFO – beyond offering up the staggering figures above, it also shares recommendations on how to mediate cyberrisk.

How prepared is your company for a cyberattack? Who is involved in crafting cybersecurity policy at your org?

The UK’s Telegraph is reporting that nearly 42% of businesses surveyed for a Symantec security report lost confidential or proprietary data during 2009. And an even higher percentage – 75% of respondents – reported experiencing some type of cyber crime during the last 12 months.

What this boils down to?  An average loss of 1.2 Million Pounds (1.9 Million Dollars) PER COMPANY during 2009.

Financial loss totals were assessed based on a number of factors including lost revenue, loss of customer relationships and damage to their firm’s brand.

While some might find these figures surprising, in light of recent situations some may wonder why the dollar amount wasn’t steeper. Increasingly, these types of events are becoming all too common - and front and center news.

Two of the most prominent (and recent) examples that come to mind are Google and Intel.

On January 12^th of this year Google reported that it had been the victim of “sophisticated cyber attacks” that originated from China.  As a result Google threatened to shut-down offices in China and stopped cooperating with Chinese censorship laws.

More recently (this past Tuesday to be exact), Intel announced in a filing with the US Securities and Exchange Commission that a “sophisticated [attack] incident” had occurred (around the same time as the attacks on Google).  While no further details were provided on the incident, it’s hard to imagine that no price tag was attached to it if they felt compelled to report it to the SEC.

While these Fortune 500 companies are much larger targets than the majority of companies out there, they’re also clear examples that no organization is immune from attack.  And when attacks occur – they are costly.

Prevention will always be the best form of protection here. Has your organization taken the proper measures to plan for and protect against these types of attacks?  If you haven’t, begin assessing vulnerabilities immediately and put a plan in place to address them.